Google Distributed Cloud (GDC) air-gapped appliance uses the Linux Unified Key Setup (LUKS) to encrypt data on disks. Each physical disk is turned into a logical volume, encrypted by LUKS, during the bootstrapping processing. LUKS requests an externally provided passphrase to decrypt and open the device.
This document describes the steps to rotate the LUKS passphrase that must be performed for:
- regularly scheduled passphrase rotation.
- passphrase exposure.
Before you begin
Complete the following steps:
- Verify that you meet the laptop prerequisites.
- Ensure that you can log in to the three nodes as a root user.